Recommended: Click here to improve PC speed »
What is Cross Site Scripting?
Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript,ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executingthe script on his machine in order to gather data. The use of XSS might compromiseprivate information, manipulate or steal cookies, create requests that can bemistaken for those of a valid user, or execute malicious code on the end-usersystems. The data is usually formatted as a hyperlink containing malicious contentand which is distributed over any possible means on the internet. Cross sitescripting vulnerabilities are extremely dangerous and the number of the attacks ison the rise. More information about Cross Site Scripting can be found athttp://www.acunetix.com/web sitesecurity/cross-site-script ing.htm
Many a large-scale corporation has fallen prey to Cross Site Scripting, as it is oneof the most common yet underestimated of web attacks. In August 2006, hackers stolethe personal data of nearly 19,000 DSL equipment customers through a vulnerabilityin AT&T s online store. Whereas in June 2006, PayPal users were tricked into givingaway social security numbers, credit card details and other highly sensitivepersonal information through a cross site scripting vulnerability in the PayPalwebsite.
A report from Mitre Corp., a US government funded research organization, issued inSeptember 2006 indicated that Cross-Site scripting ranked first in a list of topsecurity risks. In a study conducted by Acunetix, 42% of the websites scanned withAcunetix WVS were found to be vulnerable to Cross Site Scripting.
Companies don t realize the danger their web sites are under and are thereforereluctant to invest in web vulnerability scanners. Consequently, security officersdon t have the tools to protect their websites. The free XSS scanner will givesecurity officers access to a professional cross site scanning tool, that will allowthem to assess their web sites for the cross site scripting danger, said JonathanSpiteri, Technical Manager of Acunetix.
Scanning for XSS vulnerabilities with Acunetix WVS Free Edition
To check whether your website has cross site scripting vulnerabilities, download theFree Edition from http://www.acunetix.com/cross- site-scripting/scanner.htm. Thisversion will scan any website / web application for XSS vulnerabilities and it willalso reveal all the essential information related to it, such as the vulnerabilitylocation and remediation techniques. Scanning for XSS is normally a quick exercise(depending on the size of the web-site). A detailed guide how to scan for cross sitescripting vulnerabilities can be found herehttp://www.acunetix.com/w ebsitesecurity/xss.htm.
The Free edition also allows you to sample what other threats Acunetix WVS can findby allowing you to scan the Acunetix test sites for vulnerabilities.
About Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by automaticallychecking for SQL injection, Cross site scripting and other vulnerabilities. Itchecks password strength on authentication pages and automatically audits shoppingcarts, forms, dynamic content and other web applications. As the scan is beingcompleted, the software produces detailed reports that pinpoint wherevulnerabilities exist. Acunetix WVS Reporting Application allows security alerts tobe presented in a document which abides by the PCI DSS specification.
About Acunetix
Acunetix was founded to combat the alarming rise in web attacks. Its flagshipproduct, Acunetix Web Vulnerability Scanner, is the result of several years ofdevelopment by a team of highly experienced security developers. Acunetix is aprivately held company with headquarters based in Europe (Malta) and an office inLondon, UK. For more information about Acunetix, visit: http://www.acunetix.com;http: //www.acunetix.de.
All product and company names herein may be trademarks of their respective owners.
For more information:Please email Tamara Naudi: tamara@acunetix.com
